Originally Posted by
lincolnjkc
In 2006 this was tried/executed --
https://www.wired.com/2006/10/northwest-airli/,
https://www.flightglobal.com/print-y.../70434.article and
https://www.schneier.com/blog/archiv..._your_own.html -- but at that time The IATA PDF417 BCBP wasn't yet a fully realized standard and NW was using a 1-dimensional barcode that was, IIRC just PNR+Flight+Class jammed together (so if your confirmation number was ABC123 and, flight was 456, and it was "B" class the barcode was just ABC1230456B. My understanding is the publicity of this exploit is part of the reason for the signature support in the IATA BCBP standard.
The risk (severity of which I'm meh about) is that someone who also possesses false credentials could use a forged BP to access the secure side of an airport either to avoid no-fly list detection, plant something for a future exploit, obfuscate travel patterns/meetings, etc. There are plenty of other ways those kinds of attacks could be launched that don't even implicate a TSA checkpoint but that is a set of risks that the powers that be may desire to mitigate against.
Last year, there were a number of standby pax on my SFO-EWR flight on a 777-200. The GA made an anouncement that there were seats for everyone. He told those on standly to “watch the United app on your smartphone for a boarding pass. And if you don’t have a smart phone, get one.” He was being humorous, it’s very true.
I have every boarding pass I’ve ever had screen captured and as far as I know, they’re all stil in my apple wallet. Since I’m always checking a bag, I grab one while I’m there, because why not.